Announcing the OBVIOUS: Puppy, Replacement - WinXP/Vista/7/8

News, happenings
Message
Author
jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#76 Post by jpeps »

mikeb wrote:
dropbox...have you played with dropbox uploader bash script...if not it might be right up your street.

mike
Built it into my apps, and put it into the menu. Great for moving from data amongst computers and devices.
I rejected a device recently as we have a ton of creative software that requires windows and I saw nothing that came close to it on android.


I'm more interested in exploring new functionality vs replicating what already works well. The quality and quantity of available applications, however, is nothing short of phenomenal and rapidly moving into the serious business arena.
myth... its worth learning about browser integration, active x dcom and the adverse effect it had the security of the operating system.
All bets are off with an unsecure browser for any OS. Same holds true for unprotected sex.

User avatar
mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#77 Post by mikeb »

If you understood the structure of the IE 'browser ' you would not be calling it a browser...its worth getting familiar and understand how its insecurity model has nothing to do with web browsers as stand alone programs.

thats over use of the word browser so heres some more...

comparing IE to any other browser comes under the apples and pears heading in terms of system security.

All browsers have potential security leaks.... IE on the other hand is merely a part of an integrated internet connected desktop system with fundamental security flaws in its design that can never be fully addressed.

I only stress this as its core to the understanding of what we are all dealing with (or not ) when it comes to safeguarding our machines on the internet.

I only came across the information on a journey from miserable windows existance like everyone else to it ceasing to be a problem. So did others mis inform me as if so its uncanny how i have survived this long based on flawed data.

anyway... there is a house to repaint so time to leave such matters back under the rug....


mike

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#78 Post by jpeps »

mikeb wrote:
comparing IE to any other browser comes under the apples and pears heading in terms of system security.
I think that's certainly apropos for this thread, "Announcing the OBVIOUS."
There are probably many excellent reasons not to use IE, but it's been well over a decade since I've heard anyone discussing it.

edit: Maybe not...I think I recall hearing the tail end of some show on NPR where someone claimed that IE isn't really as bad as people think it is.

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#79 Post by rufwoof »

mikeb wrote:If a mechanism for virus intrusion is removed or simply not present in the first place then adding additional protection seems mute .... I have never taken any steps with regard to additional security when running linux...I regard it as inherently safe..so do others...I suspect so do you
That's the wrong way to think about it IMO. Reverse it completely and assume any system to have been breached and be insecure.

A fortress is only as strong as its weakest point. Have a look at just one instance of a single browser and its historic versions and the potential weaknesses that existed at one point or another http://www.mozilla.org/security/known-v ... oxESR.html. I'm not specifically suggesting that browser to be bad, just using it as one example only. Similar risks can equally have existed for all other programs .. of which there are ... many.

All it takes is for one breach at one point in time that perhaps let it a small program. Let's assume a simple wget type program that sends out a 'I'm here, what command would you like me to try' request, receives something back from the external server and then tries that code .... repeatedly asking and trying. I'd sugget within less than a minute it could have identified the operating system and installed something more disguised and permanent. Virus checkers can only test and remove known virus/trogans. Potentially for each known virus/trogan there could be a unknown virus/trogan, sitting deeply within a system and heavily disguised.

Linux is not imune to such threats, or more cleverer threats. As such it should be considerd as open as any other system. The best defence is to treat a private PC as being as open as a public PC and not store anything you wouldn't mind being made public, nor use it to connect to banking/financial systems. For banking - use a fresh read only (single session DVD) image of the operating system (with firewall) and browser, power down the PC, power up again and boot to that fresh image, only connect directly with the banks system (i.e. don't browse elsewhere before or after), perform the transactions and power down again and reboot into a normal session. Puppy is great for that as you can create a bootable CD just for that purpose, you could even recompile from source code to do that if you desired (but that is perhaps extreme). To a large extent is doesn't matter if the op system or browser is old/weak as there is little opportunity to exploit weaknesses when used in that manner (so you don't have to repeatedly recreate new boot DVD's - but obviously its worth doing so once in a while).

The latest windows versions that (generally) lock out booting from USB or DVD as a claimed security mechanism is rubbish. The enclosed system will be exposed to exploits and be breached relatively easily which totally negates that boot device security - and worst still makes alternative security measures such as booting a clean DVD puppy/browser a less viable option.

User avatar
greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#80 Post by greengeek »

rufwoof wrote:The latest windows versions that (generally) lock out booting from USB or DVD as a claimed security mechanism is rubbish. The enclosed system will be exposed to exploits and be breached relatively easily which totally negates that boot device security
Exactly - UEFI seems to me to be an ironclad, rock solid way to boot an insecure system. Not for me thanks.

gcmartin

#81 Post by gcmartin »

Yes, UEFI (all PC manufacturers) and EFI (Apple) is merely a means to "brand" a PC for a given OS vendor.

We just saw, last week, one vendor who had planned to release a dual boot (Windows8+ & Android) have its plans halted. What is not reported is the reason: UEFI licensing, maybe??? We have seen the reporting suggest marketing and branding.

We have enough understanding in this community to get past the hype and the emotion to focus on a great RAM based OS that mimics Apple and Microsoft as it should be attractive to people who seek to discover how to use what they have heard about without compromising their existing configuration. Puppy offers this as well as providing pathways to a more traditional solution of running from an HDD, as well as non-traditional removal media approaches. Flexibility!

We just need to insure our functionality provides equivalent, up to date technology, in the packaging as PUPs have traditionally followed allowing community members to provide support that they understand and are accustomed to. Not just the ever-important kernel, but the subsystems as well; namely video, audio, multimedia, LAN services, Office, along with newer Cloud and up to date external attachment capabilities. We need to focus on functionality and insure that the minimalist understand or have some tool to throw out what "they" don't want. Remember: Minimalist already understand Linux and have no problems navigating their ways thru any distro; whereas, converts are new, naive, and seeking understanding in something they are unaccustomed to.

We are already seeing forum members with forward-thinking solutions. Examples have already been mentioned by me as well as a look at the 2 very forward approaches by ETP and company.

This shows that PUPs "CAN" be generated that embraces new OS delivery on PC platforms of all kinds.

Everyone, we have bits and pieces scattered, we just need a true Apple/Windows functional replacement where NOTHING needs be installed to allow any user to launch with exactly similar functionality seen from mainstream vendors. And when we have it WE need to flaunt it!

In my years in Puppyland, noone seems to want to look at this, this way. I'm not sure why, but, I think we are so mature in PUP and PUP development (WOOF-CE for example) that our focus just needs a little twerking (I meant that word) to change how we have avoided looking at things to look at going full steam into the future without compromising what we have already accomplished with the solid products of our past.

Maybe we should put together a checklist or functionality list. Your additional thoughts?

User avatar
mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#82 Post by mikeb »

theres a lot of experience versus opinions in these parts... some examples of actual breaches would be handy to help quantify the situation.

mike

User avatar
greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#83 Post by greengeek »

gcmartin wrote:Everyone, we have bits and pieces scattered, we just need a true Apple/Windows functional replacement where NOTHING needs be installed to allow any user to launch with exactly similar functionality seen from mainstream vendors....
In my years in Puppyland, noone seems to want to look at this, this way. I'm not sure why,
I guess what you are asking for is a 'turnkey' solution that does everything the user wants it to. The problem with that is that end users are not all the same - one solution does not fit all. This is one of the reasons why Windows (and Ubuntu) are so bloated - they try to cater for every person and every level of experience.

Also new converts from Windows simply MUST learn a different way of doing things if they come to Puppy - that learning process is critical and I'm not sure that attempting to build a turnkey solution will solve their problems - it might just encourage them to reach for too much too soon. No point hooking your puppy up to your corporate network in the hope that it will be a straightforward replacement for whatever PC or Mac your IT department has specified and qualified for that environment. Maybe Puppy simply IS NOT ready to be a replacement.

Maybe Puppy users NEED to be more prepared to fine tune their own systems and find alternative ways of doing things, rather than expecting such a turnkey solution?

I'm definitely not against progress but I am against generation of false expectations.

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#84 Post by jpeps »

greengeek wrote:I guess what you are asking for is a 'turnkey' solution that does everything the user wants it to. The problem with that is that end users are not all the same - one solution does not fit all. This is one of the reasons why Windows (and Ubuntu) are so bloated - they try to cater for every person and every level of experience.

Also new converts from Windows simply MUST learn a different way of doing things if they come to Puppy - that learning process is critical and I'm not sure that attempting to build a turnkey solution will solve their problems - it might just encourage them to reach for too much too soon. No point hooking your puppy up to your corporate network in the hope that it will be a straightforward replacement for whatever PC or Mac your IT department has specified and qualified for that environment. Maybe Puppy simply IS NOT ready to be a replacement.

Maybe Puppy users NEED to be more prepared to fine tune their own systems and find alternative ways of doing things, rather than expecting such a turnkey solution?

I'm definitely not against progress but I am against generation of false expectations.
I'll take a stab at translating your post into gcspeak, so it can be better understood.

We might assume that what is asked for is a 'turnkey' solution that does everything the user wants it to. Others might assume that end users are not all the same - one solution does not fit all. This is one of the reasons why Windows (and Ubuntu) may be considered overly bloated, in that they try to cater to every level of experience.

It is commonly thought that new converts from Windows simply MUST learn a different way of doing things if they come to Puppy. Some developers (mentioned in my previous posts) have already begun solving that problem. We are almost there!

We in the Puppy community NEED to be more prepared to offer users the advantages of fine tuned systems with alternative modes (hint: improved documentation) of addressing the developmental needs of the future. We should have the foresight and courage to see the immediate opportunities for moving forward that is right before our eyes, for those with the vision to see it.

This is meant only to be helpful. Ideas/suggestions?

gcmartin: am I close? :)

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#85 Post by rufwoof »

I'm relatively new (3 weeks) to puppy (Slacko 5.7) and started off by remastering my own that had loads of things in it.

Subsequently I've gone the complete opposite and deleted out abiword, gnumeric and firefox, replacing those with a libre office SFS that I can load when needed, and opted for portable-firefox, such that my boot DVD (frugal running) is very lean.

I found a means to combine PET's and SFS's into a single SFS and have build a single multi-media SFS that contains xvidcap, openshot, audacity and blender. I have both those sfs's (libre and muti-media) on the desktop (dragged/dropped) so I can load/unload them as required.

I came from a XP background, not having liked the office upgrades in later versions of windows, and originally created a virtual box fresh image of XP and office that ran under puppy, but have since just dropped that as puppy does all I need.

One thing I do miss is the plug-n-play however, as puppy is more plug and read a lot/try/configure ....

My goal is to have the puppy desktop PC connected to the TV (display) and then use a tablet to control that (as a form of intelligent remote control). i.e. vnc. So as long as the tablet can detect devices (plug-n-play) that will resolve the problem. And whilst out and about, I'll still be able to connect/control the puppy desktop, albeit at a lower resolution (wireless internet speed rather than internal home wireless speed). For that purpose I've installed xvkbd in puppy. (I've also opted for sakura terminal rather than urxvt as that better supports copy/paste the way I prefer it to do so (and fonts/colours and a whole lot of other things)).

Rather than the whole/everything approach (Knoppix LiveDVD style), I think the lean core and add in what you want approach is the better of the two.

What would be nice would be to have better guidance of which kernel/puppy to initially select to build upon. I worked through loads before finally settling for Slacko 5.7, more due to blindness of which kernel and puppy would be the more appropriate for my hardware (many puppies wouldn't work with my particular hardware (in particular the wireless USB adapter)). And one that was relatively bear, just a means to get a gui up and running with internet connected, and then add whatever browser was preferred and then .... add additional packages as deemed to be appropriate for needs.

Having waded through loads of sneekylinux youtubes and the wide range of linux choices, the conclusion I came to was that they're all just a basic desktop GUI (program) that enables launching other programs (spreadsheet etc), but just presented 101 different ways. At the heart however is a kernel that works with the particular hardware, a preferred choice of GUI (to install and run required programs), and a means to browse the internet.

User avatar
greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#86 Post by greengeek »

rufwoof wrote:...and have build a single multi-media SFS that contains xvidcap, openshot, audacity and blender. .
How big is the multimedia sfs? I'd be keen to download a copy if you're willing to host it somewhere?

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#87 Post by jpeps »

greengeek wrote:
rufwoof wrote:...and have build a single multi-media SFS that contains xvidcap, openshot, audacity and blender. .
How big is the multimedia sfs? I'd be keen to download a copy if you're willing to host it somewhere?
They're simple to make, but can cause problems when overly combined. I think it's wise to use SFSs with discretion.

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#88 Post by rufwoof »

greengeek wrote:
rufwoof wrote:...and have build a single multi-media SFS that contains xvidcap, openshot, audacity and blender. .
How big is the multimedia sfs? I'd be keen to download a copy if you're willing to host it somewhere?
127MB http://www.murga-linux.com/puppy/viewtopic.php?t=92616

Created by downloading appropriate individual PET's/SFS's and then using createsfs script from http://www.murga-linux.com/puppy/viewto ... 72&t=38432 and running the command :

./createsfs -f multimedia audacity-1.3.14.pet Blender263.sfs openshot-1.4.2.sfs xvidcap-1.1.7.pet

For portable firefox I downloaded shinobar's http://www.murga-linux.com/puppy/viewtopic.php?t=91945 - which works really well IMO. Dowloads the latest version at first run and then keeps everything outside/separate.

User avatar
mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#89 Post by mikeb »

so any actual accounts of a system intrusion via say firefox...think it has a large enough user base to not come under the obscurity heading?

mike

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#90 Post by jpeps »

mikeb wrote:so any actual accounts of a system intrusion via say firefox...think it has a large enough user base to not come under the obscurity heading?

mike
Deriving any conclusions based on opinions of a few responders would be almost meaningless.

http://www.mozilla.org/security/known-v ... refox.html

User avatar
mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#91 Post by mikeb »

hmm well if potential vulnerabilities seem to spring up from the web surely there would be some actually incursions? After all looking for IE related ones produces many many hits....

Just I get asked for evidence outside of my experience so it only seems fair to balance that by asking for evidence to show that software in general has actually suffered from the same sort of security problems that IE integrated systems do.

After all if such as firefox is causing systems both windows and linux to be compromised then we need to know about it...I would like to know about it....after all I use it daily for everything including banking.

Anything could happen...I want to know about what does in order to guard against it.

mike

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#92 Post by jpeps »

mikeb wrote:
Anything could happen...I want to know about what does in order to guard against it.

mike
Unlikely, given the way you phrased that. How often do you think it is that people alter their viewpoints merely because of facts?

User avatar
mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#93 Post by mikeb »

Indeed ...millions still harm themselves in various ways in spite of solid evidence showing them the causes and effects.... smoking, bad diet etc etc..

Not sure how to phrase it really.... just seems i am supposed to follow rufwoof's suggestions based on possible problems even though he himself is using firefox and has not mentioned any addition security measures apart for his internet banking approach. In his book no one should go on the net full stop. Since millions do daily , some of them without a problem I tend to question that way of thinking.

all cars potentially could set on fire at any time .... they contain flammable fuels and potential sources of ignition. Fortunately they are designed with safety in mind and do not appear to under normal circumstances. There have been exceptions in the past due to poor design but fortunately we are past those days.

Should everyone have the fire brigade on standby for every journey?... perhaps only push the car to the bank just in case? Are cars fitted with heat sensing fire extinguishers under the hood? Perhaps not a perfect analogy but are we past the days of windows 98 and only the nutters who drive dangerously, and the same who collect craps from dodgy sites cos there is a free gift waiting for them are the real threats?

Funny really...i get told by systems admins that recent incarnations of windows are safe if ran as a user.... as long as the user behaves responsibly..... and the feedback I see seems to back this up. If the other side is not going to set fire to itself any more why the hell is there all this panic in linux land?

yours calmly

mike

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#94 Post by rufwoof »

I'm not suggesting you don't go on the internet. But assume that its insecure to do so rather than the assumed I'm safe thoughts that you proposed.

In my experience, if you can think of a means to gain financially or intellectually, then likely someone else has already thought and implemented a similar idea. I suspect that applies equally to both legal and illegal activities.

So if a software provider provides a list of their vulnerabilities http://www.mozilla.org/security/known-v ... refox.html and a dubious web site develops means to exploit those vulnerabilities - specifically the ones that can permit installation of their own code without any user intervention, then there is a risk that some are doing so.

To further help such activity, most browsers by default declare quite a bit of information http://whatsmyuseragent.com/ such that exploits can be specifically targeted to each visitor to the web site.

Being aware of what can happen and seeking to minimise such risks makes it less likely that it will happen. Even a simple thing such as changing your published useragent might help (in firefox that involves using about:config to create a general.useragent.override string value and populating that with whatever (Micky Mouse browser running under Donald Duck operating system perhaps). Further steps might involve booting from a clean installation and avoiding any other web sites other than the bank/financial party both before and after that session.

Houses burn down and I insure against that risk in the hope of it never being called upon. Others are less fortunate - but I have no idea of how many that might be, I'm only aware that the risk exists. Taking steps to reduce risks is wise IMO.

I've seen academic reports detailing the high level of IT security breaches and considerable amounts stolen from large corporations. For the time being I suspect that is the more preferred choice of target. As that becomes increasing more difficult however they'll move onto less rewarding easier alternatives.

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#95 Post by jpeps »

rufwoof wrote:
In my experience, if you can think of a means to gain financially or intellectually, then likely someone else has already thought and implemented a similar idea. I suspect that applies equally to both legal and illegal activities.
I've arrived at a solution for investing that has worked consistently well for at least a decade. I'll research a particularly candidate thoroughly using both fundamental and technical analysis. Then I'll listen in to conference calls until I'm absolutely certain my data is correct. Only after much patient research of this nature, and coming to an absolute conclusion that it's a sure win will I reject it.

Post Reply